Introduction

Despite Apple's recommendations that software developers make their applications work from read-only directories, many developers have failed to do so. In order to function properly, many apps need write access to individual files within an application's directory, to the entire directory where the app resides, or to files/directories elsewhere in the file system (such as /Library/Application Support).

This creates potential problems for Mac Admins who don't want to give multiple "Joe Users" write access to these areas. Ideally, applications should only need read/write access to files and folders located within a User's home folder, such as ~/Library/Preferences or ~/Library/Application Support, or to other common world-writable areas like /tmp/.

Some installers (such as Omnipage Pro X) will not work unless the installer is given root privileges, which should immediately make OS X admins a bit nervous. One should also be wary of installers that ask for an admin login/password.

Luckily there are a few options for solving these problems. I will go over a few examples and workarounds.

Here are a few descriptions and workarounds for applications that don't work ideally from the standpoint of a Mac Admin. If you know of a Mac OS X app that should be added to this list, please send us some details.

After installing an application that you've determined to be problematic, you'll need to figure out exactly which files/folders were installed. To do this you've got several options, covered here.
Once you've located the files/folders that the app wants write access to, you'll need to appropriately set the permissions for all of the application's installed files. A few useful tools for setting file permissions in Mac OS X are also covered here.